1
0
mirror of https://github.com/django/django.git synced 2024-12-23 09:36:06 +00:00
Commit Graph

31728 Commits

Author SHA1 Message Date
Sarah Boyce
ae0ca8345d [4.2.x] Post-release version bump. 2024-08-06 15:32:16 +02:00
Sarah Boyce
4d32ebcd57 [4.2.x] Bumped version for 4.2.15 release. 2024-08-06 14:56:30 +02:00
Simon Charette
f4af67b9b4 [4.2.x] Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields.
Thanks Eyal (eyalgabay) for the report.
2024-07-31 16:12:35 +02:00
Mariusz Felisiak
efea1ef7e2 [4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.
Thanks Seokchan Yoon for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-31 16:12:23 +02:00
Sarah Boyce
d0a82e26a7 [4.2.x] Fixed CVE-2024-41990 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thanks to MProgrammer for the report.
2024-07-31 16:12:11 +02:00
Sarah Boyce
fc76660f58 [4.2.x] Fixed CVE-2024-41989 -- Prevented excessive memory consumption in floatformat.
Thanks Elias Myllymäki for the report.

Co-authored-by: Shai Berger <shai@platonix.com>
2024-07-31 16:11:59 +02:00
Sarah Boyce
7b1a76f899 [4.2.x] Added stub release notes and release date for 4.2.15.
Backport of 3f88089069 from main.
2024-07-31 11:29:30 +02:00
Lorenzo Peña
96a3497400 [4.2.x] Fixed #35627 -- Raised a LookupError rather than an unhandled ValueError in get_supported_language_variant().
LocaleMiddleware didn't handle the ValueError raised by
get_supported_language_variant() when language codes were
over 500 characters.

Regression in 9e9792228a.

Backport of 0e94f292cd from main.
2024-07-25 09:44:51 +02:00
Mariusz Felisiak
c5d196a652 [4.2.x] Fixed auth_tests and file_storage tests on Python 3.8. 2024-07-11 11:10:15 +02:00
Natalia
8e59e33400 [4.2.x] Added CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, and CVE-2024-39614 to security archive.
Backport of e095c7612d from main.
2024-07-09 12:00:22 -03:00
Natalia
72f6c7d3a6 [4.2.x] Post-release version bump. 2024-07-09 11:08:49 -03:00
Natalia
98cf264c9c [4.2.x] Bumped version for 4.2.14 release. 2024-07-09 10:53:02 -03:00
Sarah Boyce
17358fb35f [4.2.x] Fixed CVE-2024-39614 -- Mitigated potential DoS in get_supported_language_variant().
Language codes are now parsed with a maximum length limit of 500 chars.

Thanks to MProgrammer for the report.
2024-07-09 10:40:50 -03:00
Natalia
2b00edc015 [4.2.x] Fixed CVE-2024-39330 -- Added extra file name validation in Storage's save method.
Thanks to Josh Schneier for the report, and to Carlton Gibson and Sarah
Boyce for the reviews.
2024-07-09 10:40:48 -03:00
Michael Manfre
156d3186c9 [4.2.x] Fixed CVE-2024-39329 -- Standarized timing of verify_password() when checking unusuable passwords.
Refs #20760.

Thanks Michael Manfre for the fix and to Adam Johnson for the review.
2024-07-09 10:40:46 -03:00
Adam Johnson
79f3687642 [4.2.x] Fixed CVE-2024-38875 -- Mitigated potential DoS in urlize and urlizetrunc template filters.
Thank you to Elias Myllymäki for the report.

Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
2024-07-09 10:40:37 -03:00
Natalia
446cdab134 [4.2.x] Added stub release notes for 4.2.14. 2024-07-03 14:18:28 -03:00
Natalia
d26c8838d0 [4.2.x]Post-release version bump. 2024-05-07 14:44:42 -03:00
Sarah Boyce
3bf46e2e02 [4.2.x] Bumped version for 4.2.13 release. 2024-05-07 17:37:03 +02:00
Sarah Boyce
b46b94e66c [4.2.x] Added release notes for 4.2.13.
Backport of 90175e110e from main.
2024-05-07 17:35:16 +02:00
Natalia
1536833e93 [4.2.x] Post-release version bump. 2024-05-06 14:36:28 -03:00
Sarah Boyce
6193c720b5 [4.2.x] Bumped version for 4.2.12 release. 2024-05-06 17:24:48 +02:00
Sarah Boyce
3f9c8fc1f9 [4.2.x] Added release date for 4.2.12.
Backport of 34a503162f from main.
2024-05-06 14:44:17 +02:00
Sarah Boyce
256f719cb3 [4.2.x] Reverted "Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin."
This reverts commit 0fc832676c.
2024-04-19 13:29:30 +02:00
Adam Johnson
0fc832676c [4.2.x] Fixed #34994, Fixed #35386 -- Applied checkbox-row CSS class unconditionally in Admin.
Backport of bdd76c4c38 from main.
2024-04-19 11:28:02 +02:00
Natalia
1d85b416aa [4.2.x] Refs #35361 -- Clarified release notes for 4.2.12.
Backport of cd823778e6 from main.
2024-04-12 15:07:36 +02:00
Natalia
27c32cc991 [4.2.x] Fixed #35361 -- Added release notes for 4.2.12 for backport of b231bcd19e.
Backport of 42435fc55c from main.
2024-04-10 18:29:33 +02:00
Mariusz Felisiak
0d3ddcaf2c [4.2.x] Refs #34900, Refs #35361 -- Fixed SafeMIMEText.set_payload() crash on Python 3.13.
Payloads with surrogates are passed to the set_payload() since
f97f25ef5d

Backport of b231bcd19e from main.
2024-04-10 18:18:52 +02:00
Mariusz Felisiak
a76c52b19a [4.2.x] Added CVE-2024-27351 to security archive.
Backport of da39ae4b5f from main
2024-03-04 10:12:58 +01:00
Mariusz Felisiak
721c566859 [4.2.x] Post-release version bump. 2024-03-04 08:47:11 +01:00
Mariusz Felisiak
61a986f53d [4.2.x] Bumped version for 4.2.11 release. 2024-03-04 08:43:32 +01:00
Shai Berger
3c9a2771cc [4.2.x] Fixed CVE-2024-27351 -- Prevented potential ReDoS in Truncator.words().
Thanks Seokchan Yoon for the report.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2024-03-04 08:36:56 +01:00
Mariusz Felisiak
7973951139 [4.2.x] Added release date for 4.2.11 and 3.2.25.
Backport of 977d254169 from main
2024-02-26 08:29:04 +01:00
Daniel Garcia Moreno
86d8034972 [4.2.x] Refs #34900, Refs #34118 -- Updated assertion in test_skip_class_unless_db_feature() test on Python 3.12.2+.
Python 3.12.2 bring back the skipped tests in the number of running
tests. Refs
0a737639dc

Backport of bc8471f0aa from main
2024-02-10 17:08:48 +01:00
Mariusz Felisiak
cb173bb088 [4.2.x] Fixed #35172 -- Fixed intcomma for string floats.
Thanks Warwick Brown for the report.

Regression in 55519d6cf8.

Backport of 2f14c2cedc from main.
2024-02-08 11:00:36 +01:00
Natalia
227ef29cff [4.2.x] Added CVE-2024-24680 to security archive.
Backport of c650c1412d from main
2024-02-06 12:16:50 -03:00
Natalia
e2f1907642 [4.2.x] Post release version bump. 2024-02-06 10:04:22 -03:00
Natalia
a684d73fc9 [4.2.x] Bumped version for 4.2.10 release. 2024-02-06 09:57:24 -03:00
Adam Johnson
572ea07e84 [4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.
Thanks Seokchan Yoon for the report.

Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Co-authored-by: Shai Berger <shai@platonix.com>
2024-02-06 09:56:20 -03:00
nessita
9fe7411235
[4.2.x] Pinned black == 23.12.1 for blacken-docs checks. 2024-01-30 05:47:27 +01:00
nessita
71dd587da9
[4.2.x] Pinned black == 23.12.1 in GitHub actions, pre-commit and test requirements. 2024-01-29 12:53:06 -03:00
Natalia
74582b8d11 [4.2.x] Added stub release notes for 4.2.10 and 3.2.24.
Backport of 06d0a1bd56 from main
2024-01-29 12:09:52 -03:00
Mariusz Felisiak
4198a5cb2d [4.2.x] Post-release version bump. 2024-01-02 10:11:39 +01:00
Mariusz Felisiak
f339c4c8e4 [4.2.x] Bumped version for 4.2.9 release. 2024-01-02 10:10:11 +01:00
Mariusz Felisiak
0a4c5e56b4 [4.2.x] Added release date for 4.2.9.
Backport of f82a2c3b3d from main.
2024-01-02 09:59:12 +01:00
Tom Carrick
ca43990813 [4.2.x] Fixed #35012 -- Restored wrapping admin fieldsets with multiple fields per line.
Thanks James Gillard for the report.

Regression in 729266c6f2.

Backport of 4aae864463 from main
2023-12-13 12:34:53 +01:00
Mariusz Felisiak
d9ba0ea6cb [4.2.x] Added stub release notes for 4.2.9.
Backport of 464af0975c from main
2023-12-05 06:12:20 +01:00
Mariusz Felisiak
a315e82f31 [4.2.x] Post-release version bump. 2023-12-04 09:29:47 +01:00
Mariusz Felisiak
dff965798e [4.2.x] Bumped version for 4.2.8 release. 2023-12-04 09:26:51 +01:00
Mariusz Felisiak
52e28e5fbf [4.2.x] Added release date for 4.2.8.
Backport of 8fcb9f1f10 from main
2023-12-04 09:25:56 +01:00